This exploit targets GoAutoDial CE 2.0, leveraging a SQL injection vulnerability in the 'manager_send.php' endpoint to execute arbitrary commands. It first checks whether the target is vulnerable by running 'uname', and then uploads a PHP shell to '/var/www/html/infogen.php' for remote command execution.
Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: GoAutoDial CE 2.0
Auth required
Prerequisites: Network access to the target · Valid credentials for the GoAutoDial agent